Skip to content
AS
Alonso Sala
CRIMINAL LAWYERS
ES

Criminal Defence for the Effective Compliance Exemption (Art. 31 bis 2 CP)

Judicial accreditation of an effective compliance program to obtain criminal liability exemption for the legal entity.

Last updated:

The effective compliance exemption (Art. 31 bis 2 CP) is the only way for the legal entity to completely avoid criminal conviction when an offense has been committed within it. Having a document called "Compliance Manual" is not enough: the Supreme Court, in STS 154/2016 and later rulings, has consolidated that only materially effective and prior compliance excludes the company's culpability.

Cumulative Requirements of Art. 31 bis 2 CP

The exemption requires proving the four requirements simultaneously:

  • Prior program: Adopted and executed before the commission of the offense, not afterwards.
  • Autonomous body: Compliance Officer or Compliance Committee with autonomous powers of initiative and control. Its independence is scrutinized by the court.
  • Fraudulent circumvention: The individual author circumvented the program fraudulently and deliberately. If the offense was possible due to defects of the program itself, there is no exemption.
  • Absence of supervisory omission: The control body exercised its functions in a real and sufficient manner, not merely formally.

Autonomous Compliance Officer with Resources

The court does not accept a figurehead. The Compliance Officer (or committee) must enjoy genuine autonomous powers of initiative and control, backed by an own budget, sufficient staff and a direct reporting line to the board —not to the very executive whose area is being controlled. Real independence is proven with hard evidence: committee minutes, prior cases in which the program was actually applied, and a documented capacity to investigate and escalate. Without resources, autonomy is fictitious and the exemption fails, because a control body that cannot act is indistinguishable from no control at all.

Fraudulent Circumvention of the Program

This is the requirement most often litigated. The exemption presupposes that the material author deliberately and covertly circumvented a working program —concealing information, falsifying documents or bypassing established controls— rather than simply taking advantage of the program's own gaps. The distinction is decisive: if the offence was possible because the model had holes, the company shares the blame and there is no exemption; if the author had to defeat real, functioning controls to commit it, the program proves its effectiveness. Our defence reconstructs, document by document, exactly how the controls were evaded.

Post-Event Forensic Audit

When the imputation is notified, the criminal law firm must immediately activate a forensic audit of the program: review of Compliance Committee minutes, training delivered, complaints received and processed, risk assessments, controls applied to the specific area where the act occurred. This audit results in a technical expert report filed in the proceedings as exonerating evidence. The quality of this report is usually decisive for the court to grant exemption or mitigation.

Evidence Strategy at Trial

Exemption is won with evidence, not assertions. The strategy combines a documentary snapshot of the program in force —captured with a certified date to prevent any allegation of after-the-fact manufacturing—, an expert report assessing it against recognised standards (UNE 19601, ISO 37301) and the testimony of the Compliance Officer on the program's day-to-day operation. Where the four requirements are fully met the result is the acquittal of the legal entity; where they are only partially met, the same evidence supports the highly qualified mitigation of Art. 31 quater CP, with a one- or two-degree reduction. Exemption of the company never exempts the individual material author.

The six requirements of an effective model (Art. 31 bis 5 CP)

The exemption is not earned by merely having a programme, but by proving the model was adequate and effective before the offence. Article 31 bis 5 of the Criminal Code sets the minimum content that must be evidenced: first, identifying the activities in whose scope the offences to be prevented may be committed, that is, a real criminal-risk map specific to the company rather than a generic template. Second, establishing protocols or procedures that articulate how the legal entity forms its will, adopts decisions and executes them. These two pillars turn the model into a genuine prevention tool instead of a decorative document.

Third, having financial-resource management models adequate to prevent the offences to be prevented, avoiding, for instance, opaque funds or parallel accounts. Fourth, imposing a duty to report possible risks and breaches to the body charged with overseeing the model, which connects directly to the internal whistleblowing channel. Fifth, establishing a disciplinary system that adequately sanctions breaches of the measures. And sixth, carrying out a periodic verification of the model and modifying it when material breaches come to light or when changes occur in the organisation, its control structure or its activity.

Adequacy is judged ex ante and effectiveness ex post. A well-designed model that is never applied, with no training, no traceability of its operation and no sanctions for breaches, will struggle to pass judicial scrutiny. The defence therefore relies on documentary evidence: minutes, training records, monitoring reports, disciplinary files and risk-map reviews. Partially evidencing these requirements is not worthless, because it allows the company to invoke mitigation where the full standard for exemption is not reached.

The autonomous oversight body and the burden of proving the exemption

Article 31 bis 2 CP requires that oversight of the model's operation and compliance be entrusted to a body with autonomous powers of initiative and control. That autonomy is functional and material: the compliance officer or compliance body must have resources, access to information and the capacity to act without depending on those who could commit or conceal the offence. In small legal entities, the law allows these functions to be assumed directly by the management body, adapting the requirement to the firm's actual size. What matters is not the organisation chart but that oversight genuinely exists and is effectively exercised.

The exemption only operates if the statutory conditions concur together: an adequate model adopted and effectively implemented before the offence, oversight entrusted to that autonomous body, commission of the offence by the perpetrator fraudulently evading the model, and no omission or insufficient exercise of the oversight and control functions. If the offence was possible because supervision failed, the evasion ceases to be fraudulent and the exemption falls away. That is why the defence documents both the design of the model and the concrete conduct of the compliance body.

In practice, the party invoking the exemption must provide elements supporting the adequacy and effectiveness of the model, without this displacing the presumption of innocence or shifting onto the company the proof of the offence itself. The strategy is to build a solid evidentiary file from the very start of the investigation, anticipating the judicial assessment. Proving the existence, implementation and real operation of the programme is what separates the full exemption from the mere mitigation provided for in Article 31 bis 2 in fine and in Article 31 quater CP.

The investigated legal entity: procedural status, its own defence and the company's plea

When proceedings are directed against the company, it acquires the status of an investigated party with rights of its own, distinct from those of its directors or employees. The legal entity appoints its own procedural representation and counsel, who must be independent of anyone with conflicting interests: an administrator or worker charged in an individual capacity cannot simultaneously assume the company's defence where a conflict of interest exists, because the firm's line of defence, centred on demonstrating its prevention model, may be opposed to that of the natural person.

The criminal liability of the legal entity is autonomous from that of the natural person (Article 31 ter CP): the company may be convicted even if the specific physical perpetrator is not identified, even if that person has died, is in default of appearance or is acquitted for personal reasons. This autonomy requires the corporate defence to be built around its own subject matter, the existence, adequacy and effectiveness of the organisation and management model, and not merely around the fate of the investigated director. They are two planes of liability assessed separately.

The legal entity may reach its own plea agreement, distinct from that of the natural persons, allowing the organisation to contain its criminal exposure according to its strategy and the available evidence. Deciding between maintaining the exemption, negotiating a plea or invoking mitigating factors is a technical assessment that depends on the strength of the compliance programme and the stage of the investigation. An early, orderly and documentarily supported defence is what preserves the company's options before its procedural position closes.

Whistleblowing channel (Law 2/2023), internal investigations and succession in M&A

Law 2/2023 of 20 February, on the protection of whistleblowers, requires companies with fifty or more workers to have an internal information system, with a confidential and even anonymous channel, managed by a designated person notified to the Independent Whistleblower Protection Authority. This channel is not merely a regulatory obligation: it feeds the fourth requirement of Article 31 bis 5 CP, reinforces the effectiveness of the criminal-compliance model and protects the reporter against retaliation. An operational channel, with deadlines, traceability and guarantees against reprisal, is relevant evidence in support of the exemption.

Internal investigations triggered by a report must respect the rights of the affected employees so that the evidence obtained is lawful and usable in the criminal proceedings. Prior information on data processing, proportionality of the measures, respect for privacy and dignity, and the possibility of legal assistance are conditions that delimit the validity of interviews, access to devices and review of corporate communications. A poorly conducted internal investigation may taint the evidence and weaken the very model the company sought to rely on.

The criminal liability of the legal entity is not extinguished by its transformation, merger, absorption or division (Article 130.2 CP): it transfers to the resulting entity, with the penalty modulated according to the proportion the original entity bears to the new one. This makes criminal due diligence an essential element of any M&A transaction, because the acquiring company may inherit past criminal contingencies. The penalties applicable to the legal entity are set out in Article 33.7 CP and include a fine, dissolution, suspension of activities, closure of premises, prohibition of activities, disqualification from public subsidies and contracts, and judicial intervention, which measures the importance of an effective compliance programme.

balance

Penalties & Consequences: Criminal Defence for the Effective Compliance Exemption (Art. 31 bis 2 CP)

Type / ScenarioCriminal Penalty
Total exemption (Art. 31 bis 2 CP)Acquittal of the legal entity. Does not exempt the individual material author.
Highly qualified mitigation (Art. 31 quater CP)1 or 2 degrees of penalty reduction. Possibility of symbolic fine and avoidance of interdictory penalty.
Without compliance or cooperationFull penalty: proportional fine, dissolution, suspension, judicial intervention and disqualification for public contracts.

* Penalties shown are indicative. The actual penalty depends on case circumstances, applicable mitigating and aggravating factors.

shield_lock

Defense Strategy: Criminal Defence for the Effective Compliance Exemption (Art. 31 bis 2 CP)

gavel01

Documentary Snapshot of the Program

Immediate certified-date capture of all compliance documentation in force at the time of the act.

gavel02

UNE-ISO 37301 Expert Report

File a technical expert report evaluating the program against internationally recognized standards (UNE 19601, ISO 37301).

gavel03

Defense Through Proven Circumvention

Documentarily reconstruct how the material author bypassed existing controls, evidencing the fraudulent nature of the act.

Economic Criminal Law in Spain: Tax Fraud, Money Laundering and Corporate Crimes

Economic criminal law encompasses the most severe financial penalties in the Spanish Criminal Code. Tax fraud over €120,000 (Art. 305 CP), money laundering (Art. 301 CP), and corporate crimes (Art. 290-297 CP) are complex offenses where defense requires a combination of criminal law expertise and deep accounting/financial knowledge.

Penalty Comparison: Economic Offenses

OffenseThresholdPenalty
Tax Fraud (Art. 305)>€120,0001 – 5 years + fine x6
Aggravated Tax Fraud>€600,0002 – 6 years
Money Laundering (Art. 301)Any amount6 months – 6 years
Aggravated LaunderingOrganized/financial systemUp to 9 years
Corporate Crime (Art. 290)Balance sheet falsification1 – 3 years
Punishable Insolvency (Art. 259)Fraudulent bankruptcy1 – 4 years

Key Defense Strategies

Tax Regularization Defense (Art. 305.4 CP)

Pay the full tax debt before charges are formally filed and the crime is extinguished. This is the most powerful complete defense in tax fraud cases.

Challenge the €120K Threshold

The tax authority's calculation method is often contestable. Independent forensic accounting can challenge the assessed figure below the criminal threshold.

Money Laundering 'Self-laundering' Issues

Spanish courts have debated whether the primary offender can also be convicted of laundering their own proceeds. Challenge the double jeopardy implications.

Corporate Crime: Harm to Company vs. Shareholders

Art. 295 corporate crimes require actual financial harm to the company or its members. Demonstrate that any loss was speculative or absent.

gavel

Why Choose Us?

Need a criminal defense lawyer for this type of offense? Here's how we work:

check
Forensic Program AuditDocument reconstruction of the program in force at the time of the act through independent technical-organizational expert evidence.
check
Proof of Real Compliance Officer AutonomyMinutes, own budget, direct reporting to the board and prior cases of program application.
check
Demonstration of Fraudulent CircumventionEstablish that the material author concealed information, falsified documents or deliberately circumvented controls.
workspace_premium
+15 Years of ExperienceTeam dedicated exclusively to criminal law before Spanish courts and tribunals.
support_agent
Direct AttentionYour case is handled directly by a senior lawyer of the firm.
Consult My Casearrow_forward

Do you need specialised legal assistance?

The judicial system is complex. We have the criminal-law specialisation and technical resources required to take on the defence.

call